03-01-2011 09:09 AM
I had a one public ip on eht0/0 x.y.187.33/26. On this interface i had a MIP to mail server and other services. Everything was fine, until we bought edgepoint tandberg 95MXP.
Our provider has allocated public ip's in different subnet for this endpoints x.y.186.136/29. I configure route x.y.186.136 to eth0/2 and create policy (Untrust to Trust) to allow VoIP Services on x.y.186.138. Eth0/2 have ip x.y.186.137.
And now i have a problems:
1. When h323 alg is on, i can do outgoing call and a quality is perfect, but incoming call don't work. Then i receive incoming call on edgepoint , i can see ringing, but then press Answer the connection is closed.
2. When h323 alg is off, i can do outgoing and receive incoming calls, but the quality is poor. Too many dropped packets (30-40%), video freezes, had a lot artefacts, sound loses words.
How to set up SSG5 so that I could make a call with a good quality as well as receive?
Solved! Go to Solution.
03-03-2011 09:31 AM
You can find detailed instructions in the C&E book, however for basic instructions you can do the following:
Create a VIP or MIP (It depends if you have extra real IPs)
Create policies allowing H.323 traffic from and to the virtual ip your mapping to e.g. from your untrust zone or internet connection zone to the VOIP device
03-04-2011 01:55 AM
I read this and try to do, but it does not work.
VIP cannot be creating, Message: The Virtual IP must be in same subnet as the interface IP
I configured SSG by http://kb.juniper.net/InfoCenter/index?page=conten
Section 'Server Public IP address is on different network than the Untrust interface IP address'
My final configuration is a combination of KB12631 and C & E book Volume 6 VoIP, but maybe i something doing wrong. Basic problem for me is different subnet for edgepoint. In examples what i find all doing on same ip or subnet.
04-18-2011 03:57 AM
I think you can only have one VIP instance bound to the untrust interface which you use to map different ports to different IP addresses.
So are you trying to add another VIP or just need to add another port to be VIP'ed?
You can allways configure "ignore subnetconflict" at the VR level but be sure you know what you are doing. You can then define as many overlapping subnets as you like.